Part of the material here comes from Shen Shouzhong and Zhang Yuqing, "Design and Implementation of a Crawler-Based XSS Vulnerability Detection Tool": http://download.csdn.net/detail/xihuanqiqi/4655513
I. Diagram-based analysis of how the XSS-scan system works

The system modules the authors describe are fairly clear and easy to follow. My reading of the workflow is as follows:

1. First, the crawler module collects page URLs, placing each URL in a queue called crawlerurlqueue (the crawler URL queue).
2. Each crawled URL is requested to obtain the HTML of that page.
3. The page is analyzed, and a "can it be injected" test is run on the URLs found during the analysis. I take this to mean checking whether the URL passes any parameters. If a URL can be injected, it is put in testurlqueue so the testing module can handle it in the next step. At the same time, the URL's information is added to the URL hashtable, and further URLs keep being captured and placed in crawlerurlqueue.
4. Records are taken from testurlqueue one after another and tested. If a test finds a vulnerability, it is recorded; otherwise the next record is taken. This repeats until both testurlqueue and crawlerurlqueue are empty.

==========================================

1. System module
2. Crawler module
3. Testing module
4. Web page analysis module

II. xsser code analysis
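Before turning to xsser itself, the queue-driven workflow from Part I can be sketched in a few lines of Python. This is only my own minimal sketch, not the authors' implementation. The names scan, is_injectable and LinkParser, and the fetch and test_xss callables, are hypothetical, and I assume "can be injected" simply means the URL has at least one query parameter. A real crawler would also restrict itself to the target host and limit crawl depth, which is left out here.

```python
from collections import deque
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse, parse_qs


class LinkParser(HTMLParser):
    """Web page analysis step: collect href values from <a> tags."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.links.append(value)


def is_injectable(url):
    """Assumed check: the URL carries at least one query parameter."""
    return bool(parse_qs(urlparse(url).query, keep_blank_values=True))


def scan(start_url, fetch, test_xss):
    """Crawl from start_url and return the URLs that test_xss flags.

    fetch(url) -> HTML string and test_xss(url) -> bool are hypothetical
    callables supplied by the caller (network access and payload testing
    are deliberately kept out of this sketch).
    """
    crawler_url_queue = deque([start_url])   # URLs waiting to be crawled
    test_url_queue = deque()                 # injectable URLs waiting to be tested
    url_hashtable = {start_url}              # every URL seen so far
    vulnerable = []

    if is_injectable(start_url):
        test_url_queue.append(start_url)

    # Keep going until both queues are empty, as in step 4.
    while crawler_url_queue or test_url_queue:
        if crawler_url_queue:
            page_url = crawler_url_queue.popleft()
            parser = LinkParser()
            parser.feed(fetch(page_url))
            for href in parser.links:
                link = urljoin(page_url, href)
                if link in url_hashtable:
                    continue                 # already seen, skip it
                url_hashtable.add(link)
                crawler_url_queue.append(link)
                if is_injectable(link):
                    test_url_queue.append(link)
        if test_url_queue:
            candidate = test_url_queue.popleft()
            if test_xss(candidate):
                vulnerable.append(candidate)
    return vulnerable


# Tiny in-memory "site" so the sketch runs without any network access.
pages = {
    "http://example.test/": '<a href="/search?q=1">s</a><a href="/about">a</a>',
    "http://example.test/about": '<a href="/">home</a>',
}
found = scan("http://example.test/", lambda u: pages.get(u, ""), lambda u: "q=" in u)
print(found)  # prints ['http://example.test/search?q=1']
```

Passing fetch and test_xss in as parameters keeps the loop itself easy to check on its own; in a real tool they would be replaced by an HTTP client and by the testing module's payload checks.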